package cn.woniu.wxy.config;

import cn.woniu.wxy.handler.*;
import cn.woniu.wxy.service.SecurityServicce;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true,prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private SecurityServicce securityServicce;
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Autowired
    private JWTFilter jWTFilter;
    @Bean
    public PasswordEncoder getPassword(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        //创建密码机加密器
//        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
//        //给密码加密
//        String password = passwordEncoder.encode("123");
//        //给security指定用户名和密码
//        auth.inMemoryAuthentication().
//                withUser("tom")
//                .password(password)
//                .roles("admin");
        auth.userDetailsService(securityServicce);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //告诉security 使用自定义登陆页面

        http.formLogin()
        //定位到login页面的位置
//                .loginPage("/login.html")
//                .loginProcessingUrl("/dologin")//告诉表单提交的地址
//                .defaultSuccessUrl("/index.html")
                .successHandler(loginSuccessHandler)
                .failureHandler(new LoginFailureHandler())
                .permitAll();//所有请求都拦截

        http.exceptionHandling()
                        .authenticationEntryPoint(new MyAuthenticationEntrypoint())
                        .accessDeniedHandler(new MyAccesssDeniedHandler());
        /**
         * 退出系统
         */
        http.logout().logoutSuccessHandler(new MyLogoutSucesshandler());

//        http.cors();

        http.authorizeRequests()
                //配置insert 路径只能是拥有admin角色才能访问
                //.antMatchers("/insert").hasAnyAuthority("admin")
                //配置insert方法，拥有admin和user方法都可以访问
//                .antMatchers("/insert").hasAnyAuthority("admin","user")
//                .antMatchers("/update").hasRole("1")
                .antMatchers("/file/**","/menuListCustomer","/comments/commentsList",
                        "/goods/pointGoodsList","/type/queryList","/label/query","/type/queryList",
                        "/goods/goodslist","/goods/pointGoodsList","/goods/queryGoods","/alipay/**",
                        "/customer/insertRegister","/customer/queryAccount","/orders/**").permitAll()
                .anyRequest().authenticated();//所有请求都拦截

        http.csrf().disable();//关闭跨站脚本攻击

        //前后端项目中要禁用session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        //注册jwt的过滤器
        http.addFilterAfter(jWTFilter, UsernamePasswordAuthenticationFilter.class);


    }
}
